mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14191 Commits
17 Branches
Tree: e81ccc406b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e81ccc406b'
${ noResults }
gitea/models/asymkey/ssh_key_commit_verification.go

ssh_key_commit_verification.go 2.1KB
Raw Blame History

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package asymkey

  5. 

  6. import (

  7. 	"bytes"

  8. 	"fmt"

  9. 	"strings"

  10. 

  11. 	"code.gitea.io/gitea/models/db"

  12. 	user_model "code.gitea.io/gitea/models/user"

  13. 	"code.gitea.io/gitea/modules/git"

  14. 	"code.gitea.io/gitea/modules/log"

  15. 

  16. 	"github.com/42wim/sshsig"

  17. )

  18. 

  19. // ParseCommitWithSSHSignature check if signature is good against keystore.

  20. func ParseCommitWithSSHSignature(c *git.Commit, committer *user_model.User) *CommitVerification {

  21. 	// Now try to associate the signature with the committer, if present

  22. 	if committer.ID != 0 {

  23. 		keys, err := ListPublicKeys(committer.ID, db.ListOptions{})

  24. 		if err != nil { // Skipping failed to get ssh keys of user

  25. 			log.Error("ListPublicKeys: %v", err)

  26. 			return &CommitVerification{

  27. 				CommittingUser: committer,

  28. 				Verified:       false,

  29. 				Reason:         "gpg.error.failed_retrieval_gpg_keys",

  30. 			}

  31. 		}

  32. 

  33. 		committerEmailAddresses, err := user_model.GetEmailAddresses(committer.ID)

  34. 		if err != nil {

  35. 			log.Error("GetEmailAddresses: %v", err)

  36. 		}

  37. 

  38. 		activated := false

  39. 		for _, e := range committerEmailAddresses {

  40. 			if e.IsActivated && strings.EqualFold(e.Email, c.Committer.Email) {

  41. 				activated = true

  42. 				break

  43. 			}

  44. 		}

  45. 

  46. 		for _, k := range keys {

  47. 			if k.Verified && activated {

  48. 				commitVerification := verifySSHCommitVerification(c.Signature.Signature, c.Signature.Payload, k, committer, committer, c.Committer.Email)

  49. 				if commitVerification != nil {

  50. 					return commitVerification

  51. 				}

  52. 			}

  53. 		}

  54. 	}

  55. 

  56. 	return &CommitVerification{

  57. 		CommittingUser: committer,

  58. 		Verified:       false,

  59. 		Reason:         NoKeyFound,

  60. 	}

  61. }

  62. 

  63. func verifySSHCommitVerification(sig, payload string, k *PublicKey, committer, signer *user_model.User, email string) *CommitVerification {

  64. 	if err := sshsig.Verify(bytes.NewBuffer([]byte(payload)), []byte(sig), []byte(k.Content), "git"); err != nil {

  65. 		return nil

  66. 	}

  67. 

  68. 	return &CommitVerification{ // Everything is ok

  69. 		CommittingUser: committer,

  70. 		Verified:       true,

  71. 		Reason:         fmt.Sprintf("%s / %s", signer.Name, k.Fingerprint),

  72. 		SigningUser:    signer,

  73. 		SigningSSHKey:  k,

  74. 		SigningEmail:   email,

  75. 	}

  76. }